Date: Wed, 16 May 2012 08:13:59 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Eric Paris <eparis@...isplace.org>
Cc: Mimi Zohar <zohar@...ux.vnet.ibm.com>, Mimi Zohar <zohar@...ibm.com>,
    linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org,
    Al Viro <viro@...iv.linux.org.uk>, Stephen Smalley <sds@...ho.nsa.gov>
Subject: Re: [PATCH] vfs: fix IMA lockdep circular locking dependency

On Wed, May 16, 2012 at 7:13 AM, Eric Paris <eparis@...isplace.org> wrote:
>
> So we would have no checks for anonymous mappings? We actually do
> have some controls around them today
>
> http://www.akkadia.org/drepper/selinux-mem.html
>
> It's mostly around W+X memory. (or was W now X memory)

Ahh, ok. So I guess that won't work.

That said, I think do_brk() can already today be used to avoid those
checks, since it does a mmap with VM_DATA_DEFAULT_FLAGS, which
includes exec if the current personality includes READ_IMPLIES_EXEC -
which is trivial to do.

I wonder if the rwx checks could be split up too - the access
protection from the *file* is really a separate issue from the access
protection of the *mapping*, if you see what I mean.. Then we could do
it at do_brk() time too.

                 Linus

>
> Admittedly with the growing prevalence of JiT stuff we are using those
> protections less and less and less....
>
> Not certain how happy some will be to see them completely disappear....
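An added example, not part of the original message or of any kernel code: a small C auditor that flags writable-and-executable mappings in /proc/<pid>/maps and reports whether READ_IMPLIES_EXEC is set in /proc/<pid>/personality, the condition under which the message says the brk mapping includes exec. The names wx_mapping, read_implies_exec and wx_kind are this example's own.

```c
#include <stdio.h>
#include <string.h>

#define READ_IMPLIES_EXEC 0x0400000UL /* value from <linux/personality.h> */
enum wx_kind { WX_FILE, WX_ANON, WX_HEAP, WX_STACK };
static const char *const wx_name[] = { "file", "anon", "heap", "stack" };

/* Added example; all names here are its own. Classifies one /proc/<pid>/maps
 * line: 1 = writable and executable (*kind set), 0 = not W+X, -1 = malformed. */
int wx_mapping(const char *line, enum wx_kind *kind)
{
    unsigned long start, end, off, inode;
    char perms[5], dev[16], path[256] = "";
    if (sscanf(line, "%lx-%lx %4s %lx %15s %lu %255[^\n]", &start, &end,
               perms, &off, dev, &inode, path) < 6 || strlen(perms) != 4)
        return -1;
    if (perms[1] != 'w' || perms[2] != 'x')
        return 0;
    if (strcmp(path, "[heap]") == 0)          *kind = WX_HEAP;  /* brk area */
    else if (strncmp(path, "[stack", 6) == 0) *kind = WX_STACK;
    else if (inode == 0)                      *kind = WX_ANON;  /* no backing file */
    else                                      *kind = WX_FILE;
    return 1;
}

/* /proc/<pid>/personality holds hex text: 1 = flag set, 0 = clear, -1 = unparsable. */
int read_implies_exec(const char *text)
{
    unsigned long p;
    return sscanf(text, "%lx", &p) == 1 ? (p & READ_IMPLIES_EXEC) != 0 : -1;
}

int main(int argc, char **argv)
{
    char file[64], line[512];
    const char *pid = argc > 1 ? argv[1] : "self";
    enum wx_kind kind;
    FILE *f;
    snprintf(file, sizeof file, "/proc/%s/personality", pid);
    if ((f = fopen(file, "r")) && fgets(line, sizeof line, f))
        printf("READ_IMPLIES_EXEC set: %d\n", read_implies_exec(line));
    if (f) fclose(f);
    snprintf(file, sizeof file, "/proc/%s/maps", pid);
    if (!(f = fopen(file, "r"))) { perror(file); return 1; }
    while (fgets(line, sizeof line, f))
        if (wx_mapping(line, &kind) == 1)
            printf("W+X %-5s %s", wx_name[kind], line);
    fclose(f);
    return 0;
}
```

Run it with a PID as the only argument, or with none to inspect the auditor's own process; reading another user's /proc entries needs the matching privileges.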